Automatic propagation of password updates on multiple devices

ABSTRACT

Embodiments are directed to techniques to automatically propagate password updates onto other devices that use a shared password to protect respective secure keys or other secrets. This may be done by calculating update data using a new password and an old password entered onto one device as part of a password change operation, and sending the update data to the other devices for use in updating the password on those devices.

BACKGROUND

A user of a computing device may use a password to access that device.In order to increase security, a secure key may be used on the device.The user's password may be a share of the secure key, which, togetherwith a local share stored on the computing device, may be used to unlockthe secure key. In some systems, a user is able to operate the computingdevice without entering his password when the computing device is onlineand able to access a remote share in the cloud.

SUMMARY

Unfortunately, the above-described conventional systems may suffer fromdeficiencies. If a user has multiple devices, he may wish to use thesame password on all of the devices in order to avoid having to rememberseveral passwords. It is possible to use a single password for use withdifferent secure keys on different devices using techniques similar tothose described in U.S. patent application Ser. No. 14/577,206 entitled“PROTECTION OF A SECRET ON A MOBILE DEVICE USING A SECRET-SPLITTINGTECHNIQUE WITH A FIXED USER SHARE” by Salah Machani, NikolaosTriandopoulos, and Lawrence N. Friedman, filed on Dec. 19, 2014, theentire contents and teachings of which are incorporated herein in theirentirety by this reference. However, if the user updates his password onone device, the password change will not propagate to the other devices,requiring the user to update his password on each device separately.

Thus, it would be desirable to provide techniques to automaticallypropagate password updates onto other devices that use a shared passwordto protect respective secure keys or other secrets. This may be done bycalculating update data using a new password and an old password enteredonto one device as part of a password change operation, and sending theupdate data to the other devices for use in updating the password onthose devices.

A method performed by a computing device configured to implement a (t,n) Shamir secret sharing scheme, the (t, n) Shamir secret sharing schemeproviding access to a secret upon any t out of n shares being known foran integer t≧2 for an integer n>t is provided. The method includes (a)receiving, from a user, a password-update command including a newpassword that supersedes an old password, the old password defining anold password share and the new password defining a new password share,the new password share superseding the old password share as a userpassword share of the (t, n) Shamir secret sharing scheme implemented bythe computing device, (b) calculating update data using the new passwordshare and the old password share, (c) updating one or more local sharesof the (t, n) Shamir secret sharing scheme implemented by the computingdevice to be usable in conjunction with the new password share ratherthan the old password share to provide access to a secret key, and (d)sending the update data to another computing device configured toimplement the (t, n) Shamir secret sharing scheme to provide access toanother secret key, the other computing device being configured toupdate one or more local shares of the other computing device of the (t,n) Shamir secret sharing scheme implemented by the other computingdevice using the update data, permitting the user to utilize the othercomputing device to reconstruct the other secret key without enteringthe old password. An apparatus, computer program product, and system forperforming similar methods are also provided.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing and other objects, features, and advantages will beapparent from the following description of particular embodiments of thepresent disclosure, as illustrated in the accompanying drawings in whichlike reference characters refer to the same parts throughout thedifferent views.

FIG. 1 is a block diagram depicting an example system and apparatus foruse in connection with various embodiments.

FIG. 2 is a flowchart depicting an example method performed by a firstdevice according to various embodiments.

FIG. 3 is a flowchart depicting an example method performed by a deviceremote from the first device according to various embodiments.

FIG. 4 is a flowchart depicting an example method performed by a deviceremote from the first device according to other embodiments.

FIG. 5 is a graph depicting an example method according to variousembodiments.

DETAILED DESCRIPTION

Embodiments are directed to techniques to automatically propagatepassword updates onto other devices that use a shared password toprotect respective secure keys or other secrets. This may be done bycalculating update data using a new password and an old password enteredonto one device as part of a password change operation, and sending theupdate data to the other devices for use in updating the password onthose devices.

FIG. 1 depicts a system 30. System 30 includes a first computing device32 connected to second computing device 38 and a cloud server 40 over anetwork 36. In some embodiments, there may be additional other computingdevices 38 within the system 30 as well.

First computing device 32 may be any kind of computing device, such as,for example, a personal computer, a workstation computer, a laptopcomputer, a mobile computing device, a smartphone, a tablet computer, aserver computer, etc. Typically, however, first computing device 32 is amobile device, such as a smartphone or a tablet, or a personal computer.First computing device 32 is under the control of a user 34.

First computing device includes network interface circuitry 42, userinterface (UI) circuitry 43, processing circuitry 44, and memory 46.

Network interface circuitry 42 may include one or more Ethernet cards,cellular modems, Fibre Channel adapters, Wireless Fidelity (WiFi)wireless networking adapters, any other devices for connecting tonetwork 36, or some combination thereof. Network 36 may be any kind ofnetwork suitable for interconnecting computing devices, such as, forexample, a local area network, a wide area network, a storage areanetwork, a virtual private network, a cellular data network, aninterconnected fabric of switched connections, a point-to-pointconnection, or some combination of the above.

UI circuitry 43 interfaces with one or more UI devices (not depicted)that allow the user 34 to input and receive data to and from thecomputing device 32. For example, UI circuitry 43 may include a serialbus adapter, a graphics adapter, etc., while the UI devices may includeone or more of a display device (e.g., a CRT, LCD, plasma, or LEDmonitor) and an input device (e.g., a mouse, trackpad, tracking stick,keyboard, microphone, biometric sensor, etc.).

Processing circuitry 44 may be any kind of processor or set ofprocessors configured to perform operations, such as, for example, amicroprocessor, a multi-core microprocessor, a digital signal processor,a system on a chip, a collection of electronic circuits, a similar kindof controller, or any combination of the above.

Memory 46 may be any kind of digital system memory, such as, forexample, random access memory (RAM). Memory 46 stores an executingoperating system (OS, not depicted) and one or more applications (e.g.,secret access application 66) executing on processing circuitry 44 aswell as data used by those applications. Memory 46 stores an oldpassword share 48, a new password share 50, one or more local shares 52(depicted as first local share 52(a), second local share 52(b)), updatedata 56, and an encrypted resource 60. At various points, memory 46 mayalso ephemerally store one or more remote shares 54 (depicted as firstremote share 54(a), second remote share 54(b)) and a secret key 58 usedto encrypt the encrypted resource 60. Secret access application 47within memory 46 includes a secret update module 49, used to implementcertain embodiments.

In some embodiments, memory 46 may also include a persistent storageportion (not depicted). Persistent storage may be made up of one or morepersistent storage devices, such as, for example, hard disk drives,solid-state storage devices, flash drives, etc. Persistent storage isconfigured to store programs and data even while the computing device 32is powered off. The OS (e.g., Linux, UNIX, Windows, or a similaroperating system) and the applications (e.g., secret access application47) are typically stored in persistent storage so that they may beloaded into memory 46 from persistent storage upon a system restart.These applications, when stored in non-transient form either in thevolatile portion of memory 46 or in persistent storage, form a computerprogram product. The processing circuitry 44 running one or more ofthese applications thus forms a specialized circuit constructed andarranged to carry out the various processes described herein. Thepersistent storage may also store certain data, such as, for example,old password share 48, new password share 50, and local shares 52 sothat this data may be restored to the volatile portion of memory 46 upona system restart. In some embodiments, encrypted resource 60 may bestored entirely within persistent storage rather than within thevolatile portion of memory 46.

User 34 may operate first computing device 32 to run secret accessapplication 47 in order to gain access to the encrypted resource 60.Secret key 58 may be protected using a secret sharing scheme, such as,for example, a (t, n) Shamir secret sharing scheme, meaning that uponthe secret access application 47 having access to at least t (for aninteger t, t being at least two, and more commonly at least three)shares (e.g., password shares 48, 50, local shares 52, remote shares 54)out of n total shares, secret access application 47 is able toreconstruct secret key 58, allowing it to access the encrypted resource60. Initially, user 34 enters an old password 70 into the computingdevice 32 using UI circuitry 43. In some embodiments, old password 70 isthen (temporarily, for the length of a user session) stored as oldpassword share 48 within memory 46. In other embodiments, old password70 is transformed (e.g., using a key derivation function) into oldpassword share 48 to be stored (temporarily, for the length of a usersession) within memory 46.

In embodiments in which a (3, 5) Shamir secret sharing scheme is used,there are two locally-stored local shares 52(a), 52(b). Thus, secretaccess application 47 is able to recreate the secret key 58 using theold password share 48 and the two locally-stored local shares 52(a),52(b). If the first computing device 32 is connected to network 34 andable to communicate with cloud server 40 (i.e., operating in “onlinemode” rather than “offline mode”), secret access application 47 is ableto temporarily retrieve at least one remote share 54, allowing secretaccess application 47 to recreate the secret key 58 using the twolocally-stored local shares 52(a), 52(b) and the at least one remoteshare 54.

In embodiments in which a (2, 3) Shamir secret sharing scheme is used,there is only one locally-stored local shares 52. Thus, secret accessapplication 47 is able to recreate the secret key 58 using the oldpassword share 48 and the locally-stored local share 52. In theseembodiments, there is also only one remote share 54. Thus, if the firstcomputing device 32 is connected to network 34 and able to communicatewith cloud server 40, secret access application 47 is able totemporarily retrieve remote share 54, allowing secret access application47 to recreate the secret key 58 using the locally-stored local share 52and the remote share 54.

Second computing device 38 is similar to first computing device 32,having a similar hardware structure and also running a secret accessapplication (not depicted). Second computing device 38 has its ownsecret (e.g., secret key) 68, which it is also able to reconstruct withthe (t, n) Shamir secret sharing scheme, but using its own local shares62 (depicted as first local share of second device 62(a), second localshare of second device 62(b)). The user 34 may also enter in an oldpassword 74 in offline mode to aid in the reconstruction of the othersecret 68, however, in order to simplify what the user 34 needs toremember, this old password 74 is the same as the old password 70 usedfor the first computing device 32. In online mode, the second computingdevice 38 is able to use its local shares 62 and at least one of its ownremote shares 64 retrieved from cloud server 40 to reconstruct thesecret 68.

It should be understood that the first computing device 32 and thesecond computing device 38 have one share in common, namely the oldpassword share, derived from the old password 70, 74 of the user 34, butthe remaining of the n shares for each device 32, 38 are different,allowing each device 32, 38 to have a different secret key 58, 68.

There may also be additional computing devices (not depicted) under thecontrol of the user 34, each having its own respective secret keyprotected by a (t, n) Shamir secret sharing scheme with the old passwordshare 48 as one of its shares.

Cloud server 40 may also be similar in its hardware structure to firstcomputing device 32, although typically cloud server will be ahigh-powered server computer permanently connected to network 36. Cloudserver 40 stores remote shares 54, 64 for the first computing device 32and the second computing device 38, respectively, typically inpersistent storage. Before providing a remote share 54, 64 to anycomputing device 32, 38, cloud server 40 will typically require someform of authentication to ensure that it is communicating with anauthorized device.

If the user wishes to change his password, then the user 34 may operatesecret update module 49 on the first computing device 49 to enter a newpassword 72. In some embodiments, the password update process alsorequires the user 34 to re-enter the old password 70. New password 72may either be directly stored as new password share 50 or new password72 may be used to derive new password share 50, as described above inconnection with the old password 70. Secret update module 49 is thenable to update the local shares 52 to be consistent with the newpassword while still protecting the same secret key 58. Secret updatemodule 49 also generates update data 56 using both the old passwordshare 48 and the new password share 50, and sends the update data 56 tothe cloud server 40 to allow the cloud server 40 to update the remoteshares 54. Secret update module 49 also sends the update data 56 to thesecond computing device 38 to allow the second computing device 38 toalso update its local shares 62 so that the user 34 does not need toengage in a separate password update process on the second computingdevice 38. Cloud server 40 may also use the update data 56 to update itsremote shares 64 for the second computing device 38.

The operation of secret update module 49 is described according tovarious embodiments in FIG. 2, while the related operation of the secondcomputing device 38 and the cloud server 40 during the password updateprocess are described according to various embodiments in FIGS. 3 and 4.

FIG. 2 depicts an example method 100 performed by first computing device32 for automatically propagating password updates onto other devices 38that use a shared password to protect respective secure keys or othersecrets. It should be understood that any time a piece of software(e.g., secret access application 47, secret update module 49, etc.) isdescribed as performing a method, process, step, or function, inactuality what is meant is that a computing device or distributedcomputing system (e.g., first computing device 32, second computingdevice 38, cloud server 40, etc.) on which that piece of software isrunning performs the method, process, step, or function when executingthat piece of software on its processing circuitry 44. It should beunderstood that although depicted in one order, one or more steps orsub-steps may be combined together or performed in a different order.

In step 110, secret update module 49 operating on first computing device32 receives a password update command from user 34. The password updatecommand includes a new password 72 to supersede an old password 70. Insome embodiments the password update command also includes the oldpassword 70, although this may not be needed when the user 34 is alreadylogged in. In some embodiments, step 110 may be performed using apassword update wizard, as is well-known in the art. The new password 72may be transformed and stored in memory 46 as new password share 50.

In step 120, secret update module 49 calculates update data 56 using thenew password share 50 and the old password share 48. Step 120 may beperformed in various ways, including either sub-step 122 or sub-steps124-128.

In sub-step 122, which is only performed in embodiments in which theuser 34 enters the old password 70 as part of step 110, secret updatemodule 49 applies a reversible operator to the new password share 50 andthe old password share 48, using the result as the update data 56.Various reversible operators may be used, but preferably a reversibleoperator that provides no information leakage about either the oldpassword 70 or the new password 72 should be used, For example, thereversible operator may be an exclusive-or (XOR) operator that operateson the bits of the new password share 50 and the old password share 48.

Alternatively, sub-steps 124-128 may be performed instead of sub-step122. Sub-step 124 is optional, only being performed in embodiments inwhich the user 34 did not enter the old password 70 as part of step 110.Thus, in sub-step 124, secret update module 49 reconstructs the oldpassword share 48 using the (t, n) Shamir secret sharing scheme with thelocal shares 52 and the remote shares 54 as inputs. If a (2, 3) schemeis used, then the one local share 52 is combined with the one remoteshare 54 to recreate the polynomial underlying the sharing, allowing theold password share 48 to be calculated (e.g., by applying the polynomialto a pre-defined input, such as an input of the value one). If a (3, 5)scheme is used, then both local shares 52(a), 52(b) are combined withthe one of the remote shares 54(a), 54(b) (or, possibly, one of thelocal shares 52(a), 52(b) is combined with the both of the remote shares54(a), 54(b)) to recreate the polynomial underlying the sharing,allowing the old password share 48 to be calculated (e.g., by applyingthe polynomial to a pre-defined input, such as an input of the valueone).

Then, in sub-step 126, secret update module 49 calculates a differencebetween the new password share 50 and the old password share 48 (i.e.,using a subtraction operation). Then, in sub-step 128, secret updatemodule 49 generates two values, d and e, which sum to the differencecalculated in sub-step 126. This may be done, for example, by randomlychoosing d and then setting e as the difference between the differencefrom sub-step 126 and d. Thus, the values d and e make up the updatedata 56.

In step 130, which, in some embodiments may be performed in parallelwith or prior to step 120, secret update module 49 updates the localshares 52 to be usable in conjunction with the new password share 50 inplace of the old password share 48 to reconstruct the secret key 58.Step 130 may be performed in various ways, including either sub-steps132-134 or sub-step 136.

In sub-step 132, secret update module 49 reconstructs the secret key 58using at least t shares (possibly using the old password share 48 andthe local shares 52 or possibly using the local shares 52 and the remoteshares 54) by reconstructing the polynomial and applying it to a fixedx-value (e.g., x=0). Then, in sub-step 134, secret update module 49generates updated local shares 52 using the (t, n) Shamir secret sharingscheme with the reconstructed secret key 58 and the new password share50 as inputs. Thus, a new polynomial is selected with those constraints,allowing the local shares 52 to be generated based on the newpolynomial.

Alternatively, sub-step 136 may be performed. In sub-step 136, insteadof directly calculating the underlying polynomial for the (t, n) Shamirsecret sharing scheme, the update value from sub-step 128 may be used.Thus, a function of d and e is added to each local share 52(a), 52(b) togive those local shares 52(a), 52(b) updated values. For example, if theunderlying polynomial is f₁(x) and local share 52(a) is defined asf₁(x₁) and local share 52(b) is defined as f₁(x₂) for some pre-selectedvalues x₁, x₂, then the value dx₁ ²+ex₁ is added to local share 52(a)and the value dx₂ ²+ex₂ is added to local share 52(b).

In step 140, which may be performed in parallel with step 130, or beforeor after, secret update module 49 sends the update data 56 over thenetwork 36 to the second computing device 38 and/or to the cloud server40. Sending the update data 56 to the cloud server 40 allows the remoteshares 54 to be updated, while sending the update data 56 to the secondcomputing device 38 allows the password to also be updated on the secondcomputing device 38.

FIGS. 3 and 4 depict the operation of the second computing device 38 andthe cloud server 40 upon receiving the update data 56 according todifferent embodiments. FIG. 3 depicts embodiments in which the updatedata 56 has been calculated as in sub-step 122, while FIG. 4 depictsembodiments in which the update data 56 has been calculated as insub-step 128.

FIG. 3 depicts a method 200 performed by either the second computingdevice 38 or the cloud server 40. When performed on the cloud server 40,steps 210-250 are performed to update the remote shares 54 on the cloudserver 40. In addition, steps 260-270 may also performed (omitting theparenthetical text) to additionally update the other remote shares 64for the second computing device 38 on the cloud server 40. When method200 is performed on the second computing device 38 to update the localshares 62 on the second computing device 38, steps 240 and 250 areomitted, and the parenthetical text is used in steps 260 and 270 insteadof the main text.

In step 210, the second computing device 38 and/or the cloud server 40receive the update data 56 from the first computing device 32. In step220, the user 34 enters the new password 72 into the second computingdevice 38 and/or the cloud server 40, allowing the new password share 50to be generated, as described above. Thus, method 200 may be performedin conjunction with the user 34 logging into second computing device 38.

In step 230, the second computing device 38 and/or the cloud server 40reconstructs the old password share 48 by applying the reversibleoperator in reverse to the update data 56 and the new password share 50.In the case of the XOR operator, the update data 56 can simply be XORedwith the new password share 50.

In step 240, the cloud server 40 reconstructs the secret key 58 usingthe (t, n) Shamir secret sharing scheme with the old password share 48and one or both of the remote shares 54 (depending whether it is a (2,3) or a (3, 5) scheme) as inputs. Then, in step 250, the cloud server 40updates the remote share(s) 54 using the (t, n) Shamir secret sharingscheme with the reconstructed secret key 58 and the new password share50 as inputs. For example, if the underlying polynomial is originallyf₁(x) but updated to f₁′(x) in step 240 and remote share 54(a) isinitially defined as f₁(x₃) and remote share 54(b) is initially definedas f₁(x₄) for some pre-selected values x₃, x₄, then remote share 54(a)is updated to be to f₁′(x₃), and remote share 54(b) is updated to be tof₁′(x₄).

In step 260, the cloud server 40 reconstructs the other secret key 68using the (t, n) Shamir secret sharing scheme with the old passwordshare 48 and one or both of the other remote shares 64 (dependingwhether it is a (2, 3) or a (3, 5) scheme) as inputs. Then, in step 270,the cloud server 40 updates the other remote share(s) 64 using the (t,n) Shamir secret sharing scheme with the reconstructed other secret key68 and the new password share 50 as inputs. For example, if theunderlying polynomial is originally f₂(x) but updated to f₂′(x) in step260 and other remote share 64(a) is initially defined as f₂(x₃) andother remote share 64(b) is initially defined as f₂(x₄) for somepre-selected values x₃, x₄, then other remote share 64(a) is updated tobe to f₂′(x₃), and other remote share 64(b) is updated to be to f₂′(x₄).

In step 260, the second computing device 38 reconstructs the othersecret key 68 using the (t, n) Shamir secret sharing scheme with the oldpassword share 48 and one or both of the other local shares 62(depending whether it is a (2, 3) or a (3, 5) scheme) as inputs. Then,in step 270, the second computing device 38 updates the other localshare(s) 62 using the (t, n) Shamir secret sharing scheme with thereconstructed other secret key 68 and the new password share 50 asinputs. For example, if the underlying polynomial is originally f₂(x)but updated to f₂′(x) in step 260 and other local share 62(a) isinitially defined as f₂(x₁) and other local share 62(b) is initiallydefined as f₂(x₂) for some pre-selected values x₁, x₂, then other localshare 62(a) is updated to be to f₂′(x₁), and other local share 62(b) isupdated to be to f₂′(x₂).

FIG. 4 depicts a method 300 performed by either the second computingdevice 38 or the cloud server 40. When performed on the cloud server 40,steps 310 and 330 are performed to update the remote shares 54 on thecloud server 40. In addition, step 340 may also performed toadditionally update the other remote shares 64 for the second computingdevice 38 on the cloud server 40. When method 300 is performed on thesecond computing device 38 to update the local shares 62 on the secondcomputing device 38, steps 310 and 320 are performed.

In step 310, the second computing device 38 and/or the cloud server 40receive the update data 56 from the first computing device 32.

In step 320, the second computing device 38 adds the same functions of dand e as in sub-step 136 to the other local shares 62 on the secondcomputing device 38 to update those values. Thus, for example, if theunderlying polynomial on the second computing device 38 is f₂(x) andother local share 62(a) is defined as f₂(x₁) and other local share 62(b)is defined as f₂(x₂) for the pre-selected values x₁, x₂, then the valuedx₁ ²+ex₁ is added to other local share 62(a) and the value dx₂ ²+ex₂ isadded to other local share 62(b).

In step 330, the cloud server 40 adds other functions of d and e to theremote shares 54 on the cloud server 40 to update those values. Thus,for example, if the underlying polynomial on the first computing device32 is f₁(x) and remote share 54(a) is defined as f₁(x₃) and remote share54(b) is defined as f₁(x₄) for pre-selected values x₃, x₄, then thevalue dx₃ ²+ex₃ is added to remote share 54(a) and the value dx₄ ²+ex₄is added to remote share 54(b).

In step 340, the cloud server 40 adds these other functions of d and eto the other remote shares 64 for the second computing device 38 on thecloud server 40 to update those values. Thus, for example, if theunderlying polynomial on the second computing device 38 is f₂(x) andother remote share 64(a) is defined as f₂(x₃) and other remote share64(b) is defined as f₂(x₄) for the pre-selected values x₃, x₄, then thevalue dx₃ ²+ex₃ is added to other remote share 64(a) and the value dx₄²+ex₄ is added to other remote share 64(b).

The operation of the embodiments of FIG. 4 may be better illustratedwith reference to the graph 400 in FIG. 5. Graph 400 depicts an initialcurve 402 defined by initial polynomial f₁ associated with old passwordshare 48 on first computing device 32, an updated curve 404 defined byupdated polynomial f₁′ associated with new password share 50 on firstcomputing device 32, an initial curve 406 defined by initial polynomialf₂ associated with old password share 48 on second computing device 38,and an updated curve 408 defined by updated polynomial f₂′ associatedwith new password share 50 on second computing device 38.

Polynomial f₁ may be defined by f₁(x)=a₁x²+b₁x+c₁ mod p for apre-selected prime integer p.

Polynomial f₂ may be defined by f₂(x)=a₂x²+b₂x+c₂ mod p.

First computing device 32 has a secret key 58, which is equal tof₁(0)=f₁′(0)=c₁, defined by y-intercept 410. Second computing device 38has other secret key 68, which is equal to f₂(0)=f₂′(0)=c₂, defined byy-intercept 412.

Initially, the old password share 48 is equal to f₁(1)=f₂(1)=a₁+b₁+c₁mod p, defined by point 414.

Thus, in the initial configuration defined by the old password share 48,first computing device 32 stores first local share 52(a) defined by apoint on curve 402 at f₁(x₁) and second local share 52(b) defined by apoint on curve 402 at f₁(x₂), while first remote share 54(a) is definedby a point on curve 402 at f₁(x₃) and second remote share 54(b) isdefined by a point on curve 402 at f₁(x₄).

Similarly, in the initial configuration defined by the old passwordshare 48, second computing device 38 stores first other local share62(a) share defined by a point on curve 406 at f₂(x₁) and second otherlocal share 62(b) defined by a point on curve 406 at f₂(x₂), while firstother remote share 64(a) is defined by a point on curve 406 at f₂(x₃)and second other remote share 64(b) is defined by a point on curve 406at f₂(x₄).

However, upon the new password 72 being entered, the new password share50 is equal to f₁′(1)=f₂′(1)=a₁+b₁+c₁+d+e mod p, defined by point 416.

Thus, the distance from point 414 to point 416 is defined to be d+e,allowing any values of d and e to be selected. As depicted, d and e areboth positive values, although that is by way of example only. Thevalues chosen for d and e define f₁′ and f₂′ by the formulaef₁(x)=(a₁+d)x²+(b₁+e)x+c₁ mod p and f₂(x)=(a₂+d)x²+(b₂+e)x+c₂ mod p.

Thus, updated values for the local shares 52, remote shares 54, otherlocal shares 62, and other remote shares 64 can be calculated asfollows:

Updated first local share 52(a) is:f ₁′(x ₁)=(a ₁ +d)x ₁ ²+(b ₁ +e)x ₁ +c ₁ mod p=f ₁(x ₁)+dx ₁ ² +ex ₁ modpwhich is equal to the initial first local share 52(a) plus dx₁ ²+ex₁.

Updated second local share 52(b) is:f ₁′(x ₂)=(a ₁ +d)x ₂ ²+(b ₁ +e)x ₂ +c ₁ mod p=(x ₂)+dx ₂ ² +ex ₂ mod pwhich is equal to the initial second local share 52(b) plus dx₂ ²+ex₂.

Updated first remote share 54(a) is:f ₁′(x ₃)=(a ₁ +d)x ₃ ²+(b ₁ +e)x ₃ +c ₁ mod p=(x ₃)+dx ₃ ² +ex ₃ mod pwhich is equal to the initial first remote share 54(a) plus dx₃ ²+ex₃.

Updated second remote share 54(b) is:f ₁′(x ₄)=(a ₁ +d)x ₄ ²+(b ₁ +e)x ₄ +c ₁ mod p=(x ₄)+dx ₄ ² +ex ₄ mod pwhich is equal to the initial second remote share 54(b) plus dx₄ ²+ex₄.

Updated first other local share 62(a) is:f ₂′(x ₁)=(a ₂ +d)x ₁ ²+(b ₂ +e)x ₁ +c ₂ mod p=f ₂(x ₁)+dx ₁ ² +ex ₁ modpwhich is equal to the initial first other local share 62(a) plus dx₁²+ex₁.

Updated second other local share 62(b) is:f ₂′(x ₂)=(a ₂ +d)x ₂ ²+(b ₂ +e)x ₂ +c ₂ mod p=f ₂(x ₂)+dx ₂ ² +ex ₂ modpwhich is equal to the initial second other local share 62(b) plus dx₂²+ex₂.

Updated first other remote share 64(a) is:f ₂′(x ₃)=(a ₂ +d)x ₃ ²+(b ₂ +e)x ₃ +c ₂ mod p=f ₂(x ₃)+dx ₃ ² +ex ₃ modpwhich is equal to the initial first other remote share 64(a) plus dx₃²+ex₃.

Updated second other remote share 64(b) is:f ₂′(x ₄)=(a ₂ +d)x ₄ ²+(b ₂ +e)x ₄ +c ₂ mod p=f ₂(x ₄)+dx ₄ ² +ex ₄ modpwhich is equal to the initial second other remote share 64(b) plus dx₄²+ex₄.

Thus, techniques for automatically propagating password updates ontoother devices 38 that use a shared password to protect respective securekeys or other secrets have been provided. This may be done bycalculating update data 56 using a new password 72 and an old password70 entered onto one device 32 as part of a password change operation,and sending the update data 56 to the other devices 38 for use inupdating the password on those devices 38.

While various embodiments of the present disclosure have beenparticularly shown and described, it will be understood by those skilledin the art that various changes in form and details may be made thereinwithout departing from the spirit and scope of the present disclosure asdefined by the appended claims.

For example, it should be understood that although various embodimentshave been described as being methods, software embodying these methodsis also included. Thus, one embodiment includes a tangiblecomputer-readable medium (such as, for example, a hard disk, a floppydisk, an optical disk, computer memory, flash memory, etc.) programmedwith instructions, which, when performed by a computer or a set ofcomputers, cause one or more of the methods described in variousembodiments to be performed. Another embodiment includes a computerwhich is programmed to perform one or more of the methods described invarious embodiments.

Finally, it should be understood that all embodiments which have beendescribed may be combined in all possible combinations with each other,except to the extent that such combinations have been explicitlyexcluded.

Finally, even if a technique, method, apparatus, or other concept isspecifically labeled as “conventional,” Applicants make no admissionthat such technique, method, apparatus, or other concept is actuallyprior art under 35 U.S.C. §102 or 35 U.S.C. §103, such determinationbeing a legal determination that depends upon many factors, not all ofwhich are known to Applicants at this time.

What is claimed is:
 1. A system comprising: a computing deviceconfigured to implement a (t, n) Shamir secret sharing scheme, the (t,n) Shamir secret sharing scheme providing access to a secret upon any tout of n shares being known for an integer t≧2 for an integer n>t, thecomputing device being further configured to: receive, from a user, apassword-update command including a new password that supersedes an oldpassword, the old password defining an old password share and the newpassword defining a new password share, the new password sharesuperseding the old password share as a user password share of the (t,n) Shamir secret sharing scheme implemented by the computing device;calculate update data using the new password share and the old passwordshare; and update one or more local shares of the (t, n) Shamir secretsharing scheme implemented by the computing device to be usable inconjunction with the new password share rather than the old passwordshare to provide access to a secret key; and another computing deviceconfigured to implement the (t, n) Shamir secret sharing scheme toprovide access to another secret key, the other computer device beingfurther configured to: receive the update data from the computingdevice; and update the one or more local shares of the other computingdevice of the (t, n) Shamir secret sharing scheme implemented by theother computing device using the update data, permitting the user toutilize the other computing device to reconstruct the other secret keywithout entering the old password.
 2. The system of claim 1 wherein:receiving the password update command includes receiving the oldpassword from the user; calculating the update data includes applying areversible operator to the new password share and the old passwordshare; updating the one or more local shares includes: reconstructingthe secret key using the (t, n) Shamir secret sharing scheme with theold password share and the one or more local shares; and generating oneor more updated local shares using the (t, n) Shamir secret sharingscheme with the reconstructed secret key and the new password share; andupdating the one or more local shares of the other computing device bythe other computing device includes: receiving the new password from theuser; reconstructing the old password share by applying the reversibleoperator in reverse to the update data and the new password share;reconstructing the other secret key using the (t, n) Shamir secretsharing scheme with the old password share and the one or more localshares of the other device; and generating one or more updated localshares of the other device using the (t, n) Shamir secret sharing schemewith the reconstructed other secret key and the new password share. 3.The system of claim 2 wherein the reversible operator is an exclusive-oroperator.
 4. The system of claim 2 wherein: the system further comprisesa cloud server storing one or more remote shares of the (t, n) Shamirsecret sharing scheme implemented by the computing device and one ormore remote shares for the other computing device of the (t, n) Shamirsecret sharing scheme implemented by the other computing device; thecomputing device is further configured to send the update data to thecloud server; and the cloud server is configured to update the one ormore remote shares and the one or more remote shares for the othercomputing device by: receiving the new password from the user;reconstructing the old password share by applying the reversibleoperator in reverse to the update data and the new password share;reconstructing the secret key using the (t, n) Shamir secret sharingscheme with the old password share and the one or more remote shares;reconstructing the other secret key using the (t, n) Shamir secretsharing scheme with the old password share and the one or more remoteshares for the other device; generating one or more updated remoteshares using the (t, n) Shamir secret sharing scheme with thereconstructed secret key and the new password share; and generating oneor more updated remote shares for the other computing device using the(t, n) Shamir secret sharing scheme with the reconstructed other secretkey and the new password share.
 5. The system of claim 1 wherein: theone or more local shares include a first local share and a second localshare and the one or more local shares of the other computing deviceinclude a first local share of the other computing device and a secondlocal share of the other computing device; receiving the password updatecommand includes receiving the old password from the user; calculatingthe update data includes: calculating a difference between the newpassword share and the old password share; and generating two values, dand e, which sum to the calculated difference between the new passwordshare and the old password share, the update data including d and e;updating the one or more local shares includes adding a first functionof d and e to the first local share and a second function of d and e tothe second local share; and updating the one or more local shares of theother computing device by the other computing device includes adding thefirst function of d and e to the first local share of the othercomputing device and the second function of d and e to the second localshare of the other computing device.
 6. The system of claim 5 wherein:the (t, n) Shamir secret sharing scheme implemented by the computingdevice includes a first function f₁(x)=a₁x²+b₁x+c₁, with the secret keybeing equal to f₁(0), the old password share being equal to f₁(1), thefirst local share being equal to f₁(x₁), and the second local sharebeing equal to f₁(x₂) for pre-defined values, x₁, x₂; adding the firstfunction of d and e to the first local share by the other computingdevice includes adding dx₁ ²+ex₁ to the first local share; and addingthe second function of d and e to the second local share by the othercomputing device includes adding dx₂ ²+ex₂ to the second local share. 7.The system of claim 6 wherein: the system further comprises a cloudserver storing a first remote share and a second remote share, the firstremote share being equal to f₁(x₃), and the second remote share beingequal to f₁(x₄) for pre-defined values, x₃, x₄; the computing device isfurther configured to send the update data to the cloud server; and thecloud server is configured to update the first remote share and thesecond remote share by: adding dx₃ ²+ex₃ to the first remote share; andadding dx₄ ²+ex₄ to the second remote share.
 8. The system of claim 6wherein: the (t, n) Shamir secret sharing scheme implemented by theother computing device includes a second function f₂(x)=a₂x²+b₂x+c₂,with the other secret key being equal to f₂(0), the old password sharealso being equal to f₂(1), the first local share of the other computingdevice being equal to f₂(x₁), and the second local share of the othercomputing device being equal to f₂(x₂); adding the first function of dand e to the first local share of the other computing device by theother computing device includes adding dx₁ ²+ex₁ to the first localshare of the other computing device; and adding the second function of dand e to the second local share of the other computing device by theother computing device includes adding dx₂ ²+ex₂ to the second localshare of the other computing device.
 9. The system of claim 8 wherein:the system further comprises a cloud server storing a first remote sharefor the other computing device and a second remote share for the othercomputing device, the first remote share for the other computing devicebeing equal to f₂(x₃), and the second remote share for the othercomputing device being equal to f₂(x₄) for pre-defined values, x₃, x₄;the computing device is further configured to send the update data tothe cloud server; and the cloud server is configured to update the firstremote share for the other computing device and the second remote sharefor the other computing device by: adding dx₃ ²+ex₃ to the first remoteshare for the other computing device; and adding dx₄ ²+ex₄ to the secondremote share for the other computing device.
 10. The system of claim 1wherein: the system further comprises a cloud server storing one or moreremote shares of the (t, n) Shamir secret sharing scheme implemented bythe computing device; the one or more local shares include a first localshare and a second local share and the one or more local shares of theother computing device include a first local share of the othercomputing device and a second local share of the other computing device;calculating the update data includes: reconstructing the old passwordshare using the (t, n) Shamir secret sharing scheme implemented by thecomputing device with the one or more local shares and the one or moreremote shares from the cloud server; calculating a difference betweenthe new password share and the old password share; and generating twovalues, d and e, which sum to the calculated difference between the newpassword share and the old password share, the update data including dand e; updating the one or more local shares includes adding a firstfunction of d and e to the first local share and a second function of dand e to the second local share; and updating the one or more localshares of the other computing device by the other computing deviceincludes adding the first function of d and e to the first local shareof the other computing device and the second function of d and e to thesecond local share of the other computing device.
 11. The system ofclaim 10 wherein: the (t, n) Shamir secret sharing scheme implemented bythe computing device includes a first function f₁(x)=a₁x²+b₁x+c₁, withthe secret key being equal to f₁(0), the old password share being equalto f₁(1), the first local share being equal to f₁(x₁), and the secondlocal share being equal to f₁(x₂) for pre-defined values, x₁, x₂; addingthe first function of d and e to the first local share by the othercomputing device includes adding dx₁ ²+ex₁ to the first local share; andadding the second function of d and e to the second local share by theother computing device includes adding dx₂ ²+ex₂ to the second localshare.
 12. The system of claim 11 wherein: the first remote share isequal to f₁(x₃), and the second remote share is equal to f₁(x₄) forpre-defined values, x₃, x₄; the computing device is further configuredto send the update data to the cloud server; and the cloud server isconfigured to update the first remote share and the second remote shareby: adding dx₃ ²+ex₃ to the first remote share; and adding dx₄ ²+ex₄ tothe second remote share.
 13. The system of claim 11 wherein: the (t, n)Shamir secret sharing scheme implemented by the other computing deviceincludes a second function f₂(x)=a₂x²+b₂x+c₂, with the other secret keybeing equal to f₂(0), the old password share also being equal to f₂(1),the first local share of the other computing device being equal tof₂(x₁), and the second local share of the other computing device beingequal to f₂(x₂); adding the first function of d and e to the first localshare of the other computing device by the other computing deviceincludes adding dx₁ ²+ex₁ to the first local share of the othercomputing device; and adding the second function of d and e to thesecond local share of the other computing device by the other computingdevice includes adding dx₂ ²+ex₂ to the second local share of the othercomputing device.
 14. The system of claim 13 wherein: the cloud serverfurther stores a first remote share for the other computing device and asecond remote share for the other computing device, the first remoteshare for the other computing device being equal to f₂(x₃), and thesecond remote share for the other computing device being equal to f₂(x₄)for pre-defined values, x₃, x₄; the computing device is furtherconfigured to send the update data to the cloud server; and the cloudserver is configured to update the first remote share for the othercomputing device and the second remote share for the other computingdevice by: adding dx₃ ²+ex₃ to the first remote share for the othercomputing device; and adding dx₄ ²+ex₄ to the second remote share forthe other computing device.
 15. A method performed by a computing deviceconfigured to implement a (t, n) Shamir secret sharing scheme, the (t,n) Shamir secret sharing scheme providing access to a secret upon any tout of n shares being known for an integer t≧2 for an integer n>t, themethod comprising: receiving, from a user, a password-update commandincluding a new password that supersedes an old password, the oldpassword defining an old password share and the new password defining anew password share, the new password share superseding the old passwordshare as a user password share of the (t, n) Shamir secret sharingscheme implemented by the computing device; calculating update datausing the new password share and the old password share; updating one ormore local shares of the (t, n) Shamir secret sharing scheme implementedby the computing device to be usable in conjunction with the newpassword share rather than the old password share to provide access to asecret key; and sending the update data to another computing deviceconfigured to implement the (t, n) Shamir secret sharing scheme toprovide access to another secret key, the other computing device beingconfigured to update one or more local shares of the other computingdevice of the (t, n) Shamir secret sharing scheme implemented by theother computing device using the update data, permitting the user toutilize the other computing device to reconstruct the other secret keywithout entering the old password.
 16. The method of claim 15 wherein:receiving the password update command includes receiving the oldpassword from the user; calculating the update data includes applying areversible operator to the new password share and the old passwordshare; and updating the one or more local shares includes:reconstructing the secret key using the (t, n) Shamir secret sharingscheme with the old password share and the one or more local shares; andgenerating one or more updated local shares using the (t, n) Shamirsecret sharing scheme with the reconstructed secret key and the newpassword share.
 17. The method of claim 15 wherein: the one or morelocal shares include a first local share and a second local share andthe one or more local shares of the other computing device include afirst local share of the other computing device and a second local shareof the other computing device; calculating the update data includes:reconstructing the old password share using the (t, n) Shamir secretsharing scheme implemented by the computing device with the one or morelocal shares and one or more remote shares from the cloud server of the(t, n) Shamir secret sharing scheme implemented by the computing device;calculating a difference between the new password share and the oldpassword share; and generating two values, d and e, which sum to thecalculated difference between the new password share and the oldpassword share, the update data including d and e; and updating the oneor more local shares includes adding a first function of d and e to thefirst local share and a second function of d and e to the second localshare.
 18. A computer program product comprising a non-transitorycomputer-readable storage medium storing a set of instructions, which,when executed by a computing device implement a (t, n) Shamir secretsharing scheme, the (t, n) Shamir secret sharing scheme providing accessto a secret upon any t out of n shares being known for an integer t≧2for an integer n>t, cause the computing device to: receive, from a user,a password-update command including a new password that supersedes anold password, the old password defining an old password share and thenew password defining a new password share, the new password sharesuperseding the old password share as a user password share of the (t,n) Shamir secret sharing scheme implemented by the computing device;calculate update data using the new password share and the old passwordshare; update one or more local shares of the (t, n) Shamir secretsharing scheme implemented by the computing device to be usable inconjunction with the new password share rather than the old passwordshare to provide access to a secret key; and send the update data toanother computing device configured to implement the (t, n) Shamirsecret sharing scheme to provide access to another secret key, the othercomputing device being configured to update one or more local shares ofthe other computing device of the (t, n) Shamir secret sharing schemeimplemented by the other computing device using the update data,permitting the user to utilize the other computing device to reconstructthe other secret key without entering the old password.
 19. The computerprogram product of claim 18 wherein: receiving the password updatecommand includes receiving the old password from the user; calculatingthe update data includes applying a reversible operator to the newpassword share and the old password share; and updating the one or morelocal shares includes: reconstructing the secret key using the (t, n)Shamir secret sharing scheme with the old password share and the one ormore local shares; and generating one or more updated local shares usingthe (t, n) Shamir secret sharing scheme with the reconstructed secretkey and the new password share.
 20. The computer program product ofclaim 18 wherein: the one or more local shares include a first localshare and a second local share and the one or more local shares of theother computing device include a first local share of the othercomputing device and a second local share of the other computing device;calculating the update data includes: reconstructing the old passwordshare using the (t, n) Shamir secret sharing scheme implemented by thecomputing device with the one or more local shares and one or moreremote shares from the cloud server of the (t, n) Shamir secret sharingscheme implemented by the computing device; calculating a differencebetween the new password share and the old password share; andgenerating two values, d and e, which sum to the calculated differencebetween the new password share and the old password share, the updatedata including d and e; and updating the one or more local sharesincludes adding a first function of d and e to the first local share anda second function of d and e to the second local share.